The table below lists the keys and values in a message with the File Web Antivirus
event type.
Information about an event with the File Web Antivirus event type

| Key | Value |
|---|---|
| cs4 cs4Label | Event priority. This value is displayed by default. For security rules for filtering based on MIME types or file names: if a file is blocked ( |
| devicePayloadId | Session ID. |
| deviceDirection | Connection direction from the raw event. Possible values: This value is displayed by default. |
| cs1 cs1Label | Detected object. This value is displayed by default. |
| | Action performed when the domain was visited. This value is displayed by default. |
| cs3 cs3Label | Sources of the detection. One or more values can be specified. If there are multiple detection sources, the entire chain of sources involved in the detection (list) is indicated. Possible values (in the order of display): |
| rt | Date and time when the event was generated on the Kaspersky NGFW device (the session was removed and ended up in the Kaspersky NGFW Session manager). Format: |
| dtz | Time zone on the device |
| dvchost | Host name of the Kaspersky NGFW device. This value is displayed by default. |
| src | Source IP address. This value is displayed by default. |
| dst | Destination IP address (from which the file was downloaded). This value is displayed by default. |
| proto | L3–L4 protocol. Always This value is displayed by default. |
| spt | Source port. |
| | Destination port (from which the file was downloaded). |
| app | L7 protocol from the Application Control detection. Possible value: This value is displayed by default. |
| request | Visited URL (full path). This value is displayed by default. |
| cat | Software category of the detected object. This value is displayed by default. For security rules for filtering based on MIME types or file names: if a file is blocked ( Possible values: |
| KasperskyNGFWAntivirusProfile | Triggered Anti-Virus security profile. This value is displayed by default. |
| fsize | File size (taken from the http header). |
| | Body of the message. Possible messages: |
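
A log pipeline that ingests these events has to split the key/value pairs, pair each `csN` slot with its `csNLabel`, and notice when expected keys are absent. The sketch below is an added example, not Kaspersky code. It assumes the message uses CEF-style `key=value` extension syntax with `\=` escaping, which this page does not state, and every value and label string in the sample is constructed.

```python
import re

# Keys listed in the table above (the three rows whose key cell is empty are omitted).
TABLE_KEYS = {"cs4", "cs4Label", "devicePayloadId", "deviceDirection", "cs1",
              "cs1Label", "cs3", "cs3Label", "rt", "dtz", "dvchost", "src", "dst",
              "proto", "spt", "app", "request", "cat",
              "KasperskyNGFWAntivirusProfile", "fsize"}

# Constructed sample, not device output: every value and label string is a placeholder.
SAMPLE = (
    "cs4=High cs4Label=Priority devicePayloadId=1001 "
    "cs1=EICAR-Test-File cs1Label=DetectedObject "
    "src=192.0.2.10 dst=198.51.100.7 spt=50432 proto=TCP "
    r"request=http://files.example/get?id\=7&name\=a b.zip "
    "KasperskyNGFWAntivirusProfile=default-av fsize=68"
)

KEY_RE = re.compile(r"(?<!\S)(\w+)=")   # a key starts a token and ends at an unescaped '='
ESCAPES = {"n": "\n", "r": "\r"}        # any other escaped character stands for itself


def parse_extension(ext):
    """Split 'key=value key=value'; values may contain spaces and escaped '='."""
    marks = list(KEY_RE.finditer(ext))
    fields = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(ext)
        raw = ext[m.end():end].rstrip(" ")
        fields[m.group(1)] = re.sub(
            r"\\(.)", lambda e: ESCAPES.get(e.group(1), e.group(1)), raw)
    return fields


def resolve_labels(fields):
    """Rename each csN slot to the text carried in its csNLabel companion."""
    out = {}
    for key, value in fields.items():
        if key.endswith("Label") and key[:-5] in fields:
            continue                      # label consumed by its value slot
        out[fields.get(key + "Label") or key] = value
    return out


def missing_keys(fields):
    """Table keys absent from a message, for ingestion-time schema checks."""
    return sorted(TABLE_KEYS - set(fields))


if __name__ == "__main__":
    parsed = parse_extension(SAMPLE)
    print(resolve_labels(parsed))
    print("absent:", missing_keys(parsed))
```

Splitting on whitespace alone would truncate the `request` value at the space in the file name, and splitting on every `=` would break the URL query string; anchoring on unescaped `key=` tokens avoids both.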